The General Data Protection Regulation (GDPR)

16th January, 2018

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) will become enforceable on 25 May 2018, and will set a high bar for global privacy rights and compliance. FICPI is actively preparing its business and compliance processes prior to the GDPR taking effect.

What is the GDPR?

You may have heard of the GDPR: the General Data Protection Regulation, a European privacy law approved by the European Commission in 2016. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which has been the basis of European data protection law since 1995.

A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU. The GDPR is an attempt to strengthen, harmonise, and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right.

The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and eliminate personal data. It will have a significant impact on businesses around the world.

When does it come into effect?

The GDPR was adopted in April 2016, but will officially be enforceable beginning on 25 May 2018. There will not be a “grace period,” so it is important that organisations impacted by the GDPR get ready for it now.

How does it affect FICPI and its Members?

The scope of the GDPR is very broad. The GDPR will affect:

all organisations established in the EU, such as FICPI; and

all organisations involved in processing personal data of EU citizens.

The latter is the GDPR’s introduction of the principle of “extraterritoriality”; meaning, the GDPR will apply to any organisation processing personal data of EU citizens – regardless of where it is established, and regardless of where its processing activities take place.

The GDPR could apply to any organisation anywhere in the world, and all organisations should perform an analysis to determine whether or not they are processing the personal data of EU citizens. The GDPR also applies across all industries and sectors.

What is considered “personal data”?

Per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Consider the extremely broad reach of that definition. Personal data will now include not only data that is commonly considered to be personal in nature (e.g., names, physical addresses, email addresses, ID numbers), but also data such as IP addresses, behavioural data, location data, biometric data, financial information, and much more.

This means that for FICPI at least a majority of the information that we collect about our subscribers and contacts will be considered personal data under the GDPR. It is also important to note that even personal data that has been “pseudonymized” can be considered personal data if the pseudonym can be linked to any particular individual.

What do you need to do?

We are happy to signal to you, that on behalf of FICPI Communications, no action from you has to be taken.

You, or your organisation, are probably already taking steps to ensure your business is compliant. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organisation.

What is FICPI doing to comply with GDPR?

FICPI uses a number of methods to communicate with members; Mailchimp, SurveyMonkey and Campaign Monitor. All products are stringently adhering to the GDPR and the data that FICPI stores within these products follow GDPR guidelines.

FICPI holds certain information pertaining to its members and non-members (a non-member is a person who has expressed an interest in FICPI or has attended a FICPI event).

For members, FICPI holds the following details within its membership database:

Title

Full Name

Firm (when provided)

Address

Telephone, Facsimile, Mobile (when provided)

Email (generic for firm or individual)

Date of Birth (when provided)

Date when membership commenced (where known)

Academic Qualifications (German members)

Whilst some members apply to join FICPI, others automatically become members due to their membership of National Associations. For example, all German members of the Patentanwaltskammer are automatically enrolled as members of FICPI.

We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organisation.

FICPI will never share your personal details with third-parties*.

* The exception to this is at FICPI events. The Delegates and Delegates’ Guests’ Attendee List is made available to all individuals and exhibitors in attendance as part of the terms of attendance. This list only contains an individual's name, firm and country.